Microsoft has officially launched its Recall AI snapshot tool, but it still appears to be capturing sensitive information, leading one expert to say “there are [privacy] landmines everywhere.”

Microsoft Recall is the company’s AI-powered tool that takes snapshots of virtually everything the user does, converts them to text, and saves them to a database that can be searched with natural expressions. Unfortunately, there are a number of potential security and privacy implications with such a tool.

Cybersecurity expert Kevin Beaum🦄ont🐽 has previously been critical of Recall, saying Microsoft is “going to deliberately set cybersecurity back a decade & endanger customers.” Beaumont’s criticism was among the avalanche of criticism that caused Microsoft to delay Recall by roughly a year, all in an effort to address the concerns.

Beaumont has taken , praising Microsoft for addressing many of the issues that weꦯre apparent in the early builds.

Following my post and coverage online, it wa♐s announced Recall would become opt-in.. then it wouldn’t be available on Copilot+ PC at launch, then it was d🎃elayed for Windows Insider testing, then it was delayed again.

It was, frankly, a pretty baffling and rare self own from Microsoft. It reminded me a lot of the Xbox One E3 launch, where Microsoft execs were misaligned with what customers wanted, and fumbled the messaging in 🃏what they were offering.

Beaumont goes on to praise Microsoft for making the feature opt-in, vs is initial opt-out, as well as for encrypting the 💃database that stores the snapshot data. Recall now tries to filter out sensitive data, turning off snapshotting when sensitive data is onscreen.

Unfortunately, Recall’s efforts to filter sensitive data is not always as reliable as Microsoft and users might like.

Th🐓e feature to filter sensitive data doesn’t appear to work reliably, across multiple devices from testing.

For example, I updated my credit card in Microsoft’s own account interface, and Recall re𝄹corded it.

In this ꦓsnapshot I🌸’d typed an invalid credit card number, but it also captured the valid card number. It indexed both, and both were findable under “credit card” in Recall search. It captured and indexed the CVV, too.

It’s unclear why Recall saved this — possibly because I use Vivaldi as a web browser? Either way — I’d assumed it wasn’t saving this as sensitive information filter was on… but it just didn’t work reli🉐ably for me. In some cases, great. In other cases, I was ✅surprised by what it captured. You basically need to be careful to review what Recall is recording, which is difficult when it records everything you do. The best advice I can give is pause Recall before shopping online to ensure it isn’t recording, then reenable it afterwards.

It’s clear Microsoft has made significant progress in making Recall more secure, and somewhat more private. Ultimately, however, Beaumont makes the case that Recall is poorly positioned for what it does, and would be far better off serving as an accessibility tool, such as for those with Mild Cognitive Impairment.

I also think — to be perfectly honest — Mic🍌rosoft’s positioning of Recall is wrong for customers. As it currently stands, I don’t think gamers will want to enable Recall. I don’t think the average home user will want to enable Recall. I think many businesses will have large barriers around PII and legal discovery — enabling users to have a photographic memory on their PC of every command they’ve typed into SSH sessions, all the PII they accessed without realising it was being recorded, aꦰnd everything else they’ve done opens up a whole new class of risk, and will drive concern about suppliers using Recall.

My take would be Microsoft should reinvest in empathy. Recall is a great accessibility feature for people with conditions like Mild Cognitive Impairment (MCI). Recall should be the kind of feature people want to enable, with clear use ca🔜ses and risks explained.

Given that Recall 🅰is now opt-in, it remains to be seen if customers will enable it. As Beaumon🤪t points out, Recall is oddly positioned and unlikely to appeal to much of its target audience but, ultimately, only time will tell.